# The RAM user itself. The login profile, access key, policy attachments and
# group membership declared in this file all reference this user's name.
resource "alicloud_ram_user" "main" {
  name         = var.user_name
  display_name = var.user_display_name
  email        = var.user_email
  mobile       = var.user_mobile
  comments     = var.user_comments

  # Destroy-time switch only; it has no effect while the user exists.
  # NOTE(review): when enabled, the provider is expected to delete the user
  # even if credentials or policies are still attached. Keep the default off
  # for human accounts so a stray `terraform destroy` fails loudly instead.
  force = var.user_force_destroy
}

# Console (password) login for the user. Created only when
# var.user_console_login_access is true.
resource "alicloud_ram_login_profile" "main" {
  count     = var.user_console_login_access ? 1 : 0
  user_name = alicloud_ram_user.main.name

  # The initial password arrives as a plain input variable, so it is also
  # written to the Terraform state. NOTE(review): confirm the variable is
  # declared `sensitive = true` and that the state backend is encrypted and
  # access-controlled.
  password = var.user_password

  # Forcing a reset at first login means the value held in state stops being
  # a valid credential once the user has signed in.
  password_reset_required = var.user_password_reset_required

  # MFA enrolment is caller-controlled here. NOTE(review): nothing in this
  # file ties it to var.is_admin, so an administrator can be created with
  # password-only console access unless the caller sets this to true.
  mfa_bind_required = var.user_mfa_bind_required
}

# Programmatic credentials (AccessKey pair) for the user. Created only when
# var.user_access_key_access is true.
resource "alicloud_ram_access_key" "main" {
  user_name = alicloud_ram_user.main.name
  count     = var.user_access_key_access ? 1 : 0

  # The provider writes the generated key material to this local path.
  # NOTE(review): the file is presumably plaintext. Keep it out of version
  # control and CI artifacts and restrict its file permissions. The
  # provider's `pgp_key` argument is the usual way to avoid a plaintext
  # secret on disk; adopting it would need a new input variable.
  secret_file = var.secret_file
}

# Looks up the built-in AdministratorAccess policy.
data "alicloud_ram_policies" "admin" {
  type = "System"

  # Anchored on both ends so only the exact name matches. The attachment
  # below takes policies[0], so a looser pattern could select a different
  # policy.
  name_regex = "^AdministratorAccess$"
}

# Looks up the built-in ReadOnlyAccess policy.
data "alicloud_ram_policies" "reader" {
  type = "System"

  # Anchored on both ends so only the exact name matches. The attachment
  # below takes policies[0], so a looser pattern could select a different
  # policy.
  name_regex = "^ReadOnlyAccess$"
}
# Attaches the AdministratorAccess system policy directly to the user when
# var.is_admin is true.
#
# NOTE(review): this grants full account access to a single identity. Nothing
# in this file requires MFA or forbids an access key for the same user, so
# those controls depend entirely on the caller's variable values.
resource "alicloud_ram_user_policy_attachment" "attach1" {
  count     = var.is_admin ? 1 : 0
  user_name = alicloud_ram_user.main.name

  policy_type = "System"
  # Index 0 of the anchored lookup; evaluation fails if the data source
  # returns no match.
  policy_name = data.alicloud_ram_policies.admin.policies[0].name
}
# Attaches the ReadOnlyAccess system policy directly to the user when
# var.is_reader is true.
#
# NOTE(review): is_admin and is_reader are independent flags, so both
# attachments can be created for the same user. The read-only policy then
# adds nothing beyond what AdministratorAccess already grants.
resource "alicloud_ram_user_policy_attachment" "attach2" {
  count     = var.is_reader ? 1 : 0
  user_name = alicloud_ram_user.main.name

  policy_type = "System"
  # Index 0 of the anchored lookup; evaluation fails if the data source
  # returns no match.
  policy_name = data.alicloud_ram_policies.reader.policies[0].name
}
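# Account-wide RAM password policy.
#
# NOTE(review): this is a per-account setting, not a per-user one. Declaring
# it next to a single user means every instantiation of this configuration
# manages the same policy, and destroying any one of them may reset it for
# the whole account. Consider moving it to an account-baseline configuration.
resource "alicloud_ram_account_password_policy" "main" {
  # Complexity: at least 15 characters drawn from all four character classes.
  minimum_password_length      = 15
  require_lowercase_characters = true
  require_uppercase_characters = true
  require_numbers              = true
  require_symbols              = true

  # Rotation: passwords expire after 90 days. With hard_expiry enabled an
  # expired password can no longer be used to sign in, so the user needs an
  # administrator to reset it. Make sure a break-glass path exists.
  max_password_age = 90
  hard_expiry      = true

  # Previously 0, which disables the history check and lets a user satisfy
  # the 90-day rotation by setting the same password again. 5 is a chosen
  # baseline; the provider accepts values up to 24, so raise it if the
  # organisation's policy demands a longer history.
  password_reuse_prevention = 5

  # Failed-login limit before the account is temporarily blocked.
  max_login_attempts = 3
}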
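# Places the user in the RAM group named by var.user_group.
#
# NOTE(review): this resource takes the group's member list as a whole. If
# the provider treats that list as authoritative, two users managed
# separately but assigned to the same group would each try to remove the
# other on apply. Confirm against the provider documentation before reusing
# this for shared groups.
# NOTE(review): there is no count guard, so var.user_group must always name
# an existing group.
resource "alicloud_ram_group_membership" "main" {
  group_name = var.user_group

  # Direct reference instead of the deprecated interpolation-only form
  # "${...}"; the resulting value is identical.
  user_names = [alicloud_ram_user.main.name]
}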